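How to encrypt the jasypt.encryptor.password property when it is used in the configuration file of a JHipster Registry application

I am using the JHipster Registry app, and I am using the Jasypt library with native encryption to encrypt the usernames and passwords in the centralized configuration for all microservices.

While doing this, I observed something at the moment I tried to encrypt the default username and password (admin / admin), as shown below. The encrypted values are in the central-config folder, where I have configured gateway.yml (the configuration file holding the configuration common to all microservices):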
```yaml
spring:
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:mysql://localhost:3306/gateway?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true
    username: ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    password: ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    hikari:
      poolName: Hikari
      auto-commit: false
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true
  jpa:
    database-platform: org.hibernate.dialect.MySQLInnoDBDialect
    database: MYSQL
    openInView: false
    show-sql: true
  liquibase:
    drop-first: true
    # Remove 'faker' if you do not want the sample data to be loaded automatically
    contexts: dev
eureka:
  instance:
    prefer-ip-address: true
  client:
    service-url:
      defaultZone:
        # Jasypt Encryptor property================
        http://ENC(iNeA5NB8uu+MIXdPXBNzSw==):ENC(iNeA5NB8uu+MIXdPXBNzSw==)@localhost:8761/eureka/
# ===========================================
# Jasypt Encryptor property
#============================================
jasypt:
  encryptor:
    password: jasyptkey
```
I have also added the dependency required for the Jasypt Spring Boot starter (Maven) to the registry app project, as shown below. It compiles and brings up the registry perfectly.
```xml
<dependency>
    <groupId>com.github.ulisesbocchio</groupId>
    <artifactId>jasypt-spring-boot-starter</artifactId>
    <version>2.0.0</version>
</dependency>
```
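The problem I am facing is that the discovery client / cloud config server client does not recognize the endpoint URI.

I am also sharing the bootstrap.yml file from the microservice app (gateway), in case it is needed.

The microservice app's bootstrap.yml file looks like this: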
```yaml
spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      fail-fast: false
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config/decrypt
      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev
```
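Please suggest whether something is wrong in my configuration, or any alternative approach, or whether it does not support Jasypt-based encryption/decryption, or whether more needs to be configured.

Solution

I have found a way to work around the issue. The only change I made was to bypass the Jasypt encryption library, which I had tried, and use the traditional JHipster Registry app Cloud Config Server encrypt/decrypt strategy. For something like this, I had to prefer using Spring Cloud Config server discovery together with Eureka. So, as I am using the centralized configuration through the native file system from the central-config folder in the JHipster-Registry app in bootstrap.yml, I have disabled the crypto property of the Spring Cloud Config server on the registry app side, like this: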
```yaml
spring:
  application:
    name: jhipster-registry
  profiles:
    active: dev
    include: composite
  cloud:
    config:
      server:
        #git:
        #  uri: https://github.com/debjupiter18/central-config-server
        #skipSslValidation: true
        bootstrap: true
        encrypt.enabled: false
```
and enabled it in my microservice gateway app, as shown below:
```yaml
jhipster:
  registry:
    password: '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'
spring:
  application:
    name: gateway
  profiles:
    active: dev
    include: composite
    # The commented value for `active` can be replaced with valid Spring profiles to load.
    # Otherwise, it will be filled in by maven when building the JAR file
    # Either way, it can be overridden by `--spring.profiles.active` value passed in the commandline or `-Dspring.profiles.active` set in `JAVA_OPTS`
    #active: dev
  cloud:
    config:
      server.encrypt.enabled: true
      fail-fast: false # if not in "prod" profile, do not force to use Spring Cloud Config
      uri: http://admin:${jhipster.registry.password}@localhost:8761/config
      #http://admin:password@registry:8761/config/decrypt
      # name of the config server's property source (file.yml) that we want to use
      name: gateway
      profile: dev
```
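In the gateway.yml file in the central-config folder, the following two encrypted properties have been modified, since the goal was a prototype to check whether the Eureka client can be discovered and can connect to the MySQL DB. These changes are in place: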
```yaml
spring:
  datasource:
    type: com.zaxxer.hikari.HikariDataSource
    url: jdbc:mysql://localhost:3306/gateway?useUnicode=true&characterEncoding=utf8&useSSL=false&useLegacyDatetimeCode=false&serverTimezone=UTC&createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true
    username: root #{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4 #ENC(HLr1wJLGRZPuHVMUgEhiUQ==)
    password: '{cipher}7f21f461454b9c0d99f2f81194257b9b0f77787cfab738b690f73c1ee84a73c4' #root
    hikari:
      poolName: Hikari
      auto-commit: false
      data-source-properties:
        cachePrepStmts: true
        prepStmtCacheSize: 250
        prepStmtCacheSqlLimit: 2048
        useServerPrepStmts: true
  jpa:
    database-platform: org.hibernate.dialect.MySQLInnoDBDialect
    database: MYSQL
    openInView: false
    show-sql: true
  liquibase:
    drop-first: true
    # Remove 'faker' if you do not want the sample data to be loaded automatically
    contexts: dev #,faker
  # Property to disable logging in GAE since we cannot write to GAE file system
  mail:
    host: localhost
    port: 25
    username:
    password:
  messages:
    cache-duration: PT1S # 1 second, see the ISO 8601 standard
  thymeleaf:
    cache: false
  sleuth:
    sampler:
      probability: 1 # report 100% of traces
  zipkin: # Use the "zipkin" Maven profile to have the Spring Cloud Zipkin dependencies
    base-url: http://localhost:9411
    enabled: false
    locator:
      discovery:
        enabled: true
  security:
    basic.enabled: true
    user.name: admin
    user.password: '{cipher}a7b13e30356a50ed81275d9428a31543d7f59eb9e374f3063a94464e9f4a5863'
eureka:
  instance:
    prefer-ip-address: true
  client:
    register-with-eureka: true
    fetch-registry: true
    service-url:
      defaultZone: http://${spring.security.user.name}:${spring.security.user.password}@localhost:8761/eureka/
```
Last but not least, the same property is used in bootstrap.yml, following the principle of enabling the encryption mechanism on the Config Server side and helping to decrypt the same properties on the server side, since the JHipster Registry acts as both the Cloud Config Server and the Eureka registry.

```yaml
encrypt:
  key: bXktc2VjcmV0LWtleS13aGljaC1zaG91bGQtYmUtY2hhbmdlZC1pbi1wcm9kdWN0aW9uLWFuZC1iZS1iYXNlNjQtZW5jb2RlZAo=
```

in both **bootstrap.yml** files, to leverage the Spring Cloud Config server on the JHipster-registry app side, and to use the encryption on the server side and decryption on the client side.

I am able to run the centralized configuration with encryption and decryption; I have stopped using the Jasypt library for now.

This is working for me. Please let me know if there are any other suggestions or any downside of this solution; we can discuss if anybody has tried a different approach.
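A configuration check for the property files discussed in this thread, given as an added example that is not part of the original question or answer: it flags a decryption key (`jasypt.encryptor.password` or `encrypt.key`) written literally next to the ciphertext it protects, a literal password inside a URL, and the same ciphertext reused on two properties. The `flatten` and `audit` helpers are hypothetical names, the reader handles only simple indented `key: value` YAML, and the sample file with its `ENC(...)` values and the `${ENCRYPT_KEY}` placeholder is constructed.

```python
import re

# Constructed sample modelled on the files in this thread; ciphertexts are placeholders.
SAMPLE = """\
spring:
  datasource:
    username: ENC(AAAAplaceholderAAAA==)
    password: ENC(AAAAplaceholderAAAA==)
eureka:
  client:
    service-url:
      defaultZone: http://admin:admin@localhost:8761/eureka/
jasypt:
  encryptor:
    password: jasyptkey
encrypt:
  key: ${ENCRYPT_KEY}
"""

def flatten(text):
    """Yield (dotted.key, value, line_no) from simple indented YAML."""
    stack = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"^(\s*)([\w.-]+)\s*:\s*(.*)$", raw.split(" #")[0])
        if not m:
            continue
        indent, value = len(m.group(1)), m.group(3).strip("'\" ")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, m.group(2)))
        if value:
            yield ".".join(k for _, k in stack), value, no

def audit(text):
    findings, seen = [], {}
    for key, value, no in flatten(text):
        # Decryption key committed next to the ciphertext it protects.
        if key in ("jasypt.encryptor.password", "encrypt.key") and not value.startswith("${"):
            findings.append((no, key, "decryption key hard-coded"))
        # Literal user:password@ in a URL (placeholders and ENC(...) are skipped).
        m = re.search(r"://[^:/@]+:([^@/]+)@", value)
        if m and not m.group(1).startswith(("${", "ENC(")):
            findings.append((no, key, "plaintext password in URL"))
        # The same ciphertext string always decrypts to the same plaintext.
        if value.startswith(("ENC(", "{cipher}")):
            if value in seen:
                findings.append((no, key, "same ciphertext as " + seen[value]))
            seen.setdefault(value, key)
    return findings
```

Calling `audit(SAMPLE)` returns one `(line, property, reason)` tuple per finding; a key supplied through a `${...}` placeholder is not reported.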